File: cryptodcsel.hpp

//    OpenVPN -- An application to securely tunnel IP networks
//               over a single port, with support for SSL/TLS-based
//               session authentication and key exchange,
//               packet encryption, packet authentication, and
//               packet compression.
//
//    Copyright (C) 2012- OpenVPN Inc.
//
//    SPDX-License-Identifier: MPL-2.0 OR AGPL-3.0-only WITH openvpn3-openssl-exception
//

// Select appropriate OpenVPN protocol data channel implementation

#ifndef OPENVPN_CRYPTO_CRYPTODCSEL_H
#define OPENVPN_CRYPTO_CRYPTODCSEL_H

#include <openvpn/common/exception.hpp>
#include <openvpn/crypto/cryptodc.hpp>
#include <openvpn/crypto/crypto_chm.hpp>
#include <openvpn/crypto/crypto_aead.hpp>
#include <openvpn/crypto/crypto_aead_epoch.hpp>
#include <openvpn/random/randapi.hpp>

namespace openvpn {

// Exception type raised by CryptoDCSelect::new_obj() when the cipher's mode
// is neither CBC/HMAC nor AEAD, i.e. no data channel implementation exists
// for it (the selector fails closed rather than picking a default).
OPENVPN_EXCEPTION(crypto_dc_select);

/**
 * Factory that selects the userspace data channel crypto implementation
 * matching the negotiated cipher.
 *
 * new_obj() dispatches on the cipher's mode flags: CBC/HMAC ciphers get a
 * CryptoContextCHM, AEAD ciphers get an AEAD::CryptoContext (or the
 * AEADEpoch variant when the settings ask for epoch keys), and any other
 * mode is rejected with crypto_dc_select so that an unsupported cipher
 * never silently falls through to some default context.
 *
 * @tparam CRYPTO_API  Crypto backend binding instantiated by the created contexts.
 */
template <typename CRYPTO_API>
class CryptoDCSelect : public CryptoDCFactory
{
  public:
    using Ptr = RCPtr<CryptoDCSelect>;

    /**
     * Store the per-session objects that every created context will share.
     *
     * @param libctx_arg  SSL library context handed to each created context.
     * @param frame_arg   Frame layout handed to each created context.
     * @param stats_arg   Session statistics sink handed to each created context.
     * @param rng_arg     Strong RNG; only the CBC/HMAC context receives it,
     *                    the AEAD contexts are constructed without it.
     */
    CryptoDCSelect(SSLLib::Ctx libctx_arg,
                   const Frame::Ptr &frame_arg,
                   const SessionStats::Ptr &stats_arg,
                   const StrongRandomAPI::Ptr &rng_arg)
        : frame(frame_arg),
          stats(stats_arg),
          rng(rng_arg),
          libctx(libctx_arg)
    {
    }

    /**
     * Create the data channel context appropriate for @p dc_settings.
     *
     * @param dc_settings  Negotiated data channel settings; taken by value
     *                     and moved into the created context.
     * @return Newly allocated context wrapped in a CryptoDCContext::Ptr.
     * @throws crypto_dc_select if the cipher's mode is neither CBC/HMAC nor AEAD.
     */
    CryptoDCContext::Ptr new_obj(CryptoDCSettingsData dc_settings) override
    {
        const CryptoAlgs::Alg &alg = CryptoAlgs::get(dc_settings.cipher());
        const bool cbc_hmac_mode = static_cast<bool>(alg.flags() & CryptoAlgs::CBC_HMAC);
        const bool aead_mode = static_cast<bool>(alg.flags() & CryptoAlgs::AEAD);

        // CBC/HMAC takes precedence over AEAD, matching the historical check order.
        if (cbc_hmac_mode)
            return new CryptoContextCHM<CRYPTO_API>(libctx, std::move(dc_settings), frame, stats, rng);

        if (aead_mode)
        {
            // The epoch-key decision must be read before dc_settings is moved from.
            if (dc_settings.useEpochKeys())
                return new AEADEpoch::CryptoContext<CRYPTO_API>(libctx, std::move(dc_settings), frame, stats);
            return new AEAD::CryptoContext<CRYPTO_API>(libctx, std::move(dc_settings), frame, stats);
        }

        // Fail closed: no context type exists for this cipher mode.
        OPENVPN_THROW(crypto_dc_select, alg.name() << ": only CBC/HMAC and AEAD cipher modes supported");
    }

  private:
    Frame::Ptr frame;              // shared with every created context
    SessionStats::Ptr stats;       // shared with every created context
    StrongRandomAPI::Ptr rng;      // forwarded only to the CBC/HMAC context
    SSLLib::Ctx libctx;            // SSL library context for the backend
};

} // namespace openvpn

#endif